It never hurts to be careful with where you plug in your devices.
The FBI has once again warned the public against using public USB ports to recharge an iPhone or iPad, with “juice jacking” attacks infecting mobile devices connected to the ports.
While most people are familiar with malicious apps and online attacks being performed over the Internet, physical attacks, though rarer, are still present. Still, a number of people still leave their devices open to potential attack by using public recharging points.
In a warning distributed via Twitter on April 6, the Federal Bureau of Investigation’s Denver office posted a warning to “avoid using free charging stations in airports, hotels, or shopping centers.” The agency stated that it believes bad actors have “figured out ways to use public USB ports to introduce malware and monitoring software onto devices.”
The theory here is that public USB charging points could be compromised by an attacker. Given that the public doesn’t necessarily believe a seeming power source available for free use could be malicious, the device owners will use the connection without contemplating whether attacks could be made on their hardware.
While Apple does include “Trust this device” prompts in both its iOS and iPadOS mobile operating systems. This prevents any data transfers from occurring once you connect a new accessory to it until permission has been granted. If such a notice appears on a device connected to what should be a power-only USB port, you should disconnect it immediately. However, it is also possible for the notification to be bypassed, if the attack itself is sophisticated enough. If you’re actively using the iPhone while it is plugged in, you may not necessarily see the prompt at all.
The FBI has recommended using your own chargers and USB cables to receive power from an electrical outlet, rather than trust a potentially compromised component.
Stay tuned for additional details as they become available.
Via AppleInsider and @FBIDenver